As announced on July 7, RPI was notified by the National Student Clearinghouse (NSC) that student data at the NSC was affected by a significant cybersecurity event involving the MOVEit Transfer tool used by the NSC. The scope and extent of this cyber-trespass is still under investigation and per the NSC RPI will not be provided with the impacted data for a few weeks. Information and updates will be provided as available.
Rensselaer has also been notified by TIAA that one of their vendors, Pension Benefit Information (PBI), was impacted by the same MOVEit vulnerability and data was compromised. TIAA provides investment and insurance services for employees working for many organizations in the nonprofit industry in academic, research, medical, government, and cultural fields. TIAA has indicated that the incident involves PBI, a vendor that TIAA uses for verifying death notices. Those individuals have been identified and formally, through letters, notified by RPI (TIAA Kaspick (93 donors), and TIAA (1056 former employees)); they will also receive formal notification and next steps directly from the vendor. At this time, we are not aware of any active faculty and staff that have been affected by this compromise.
Given the widespread use of the MOVEit software and emerging investigations, it is possible RPI will be notified of further data breaches. Updates will be provided as available. This was not a local data breach. Our systems remain unaffected.
We recommend all community members remain alert as part of good cyber hygiene practices to protect ourselves and our personal information:
- Be aware of phishing/spam.
- Do not give out personal information, including responding to unknown emails, voice calls, and text messages.
- Do not reuse passwords across accounts.
- Enable MFA (multi-factor authentication) on all accounts where possible.
- Your RCS password should be unique to Rensselaer and not used for other services/accounts.
- Regularly check bank and credit card activity.
- Monitor your credit reports closely and regularly.
- If you notice any suspicious activity notify your providers immediately.
With regards to this incident:
Consider placing a fraud alert on your accounts at one of the major credit agencies (Equifax, Experian, or TransUnion).
- Consider placing a credit freeze at each of the three major credit agencies.
- Contact the Social Security Administration at 1800.772.1213 to block electronic access to your information.
- Identity theft reporting information and resources can be found at www.identitytheft.gov.
We continue to actively monitor the situation and are prepared to address any concerns that may arise. We are committed to assessing any potential ramifications to community members who may be affected. We will continue to gather information as this situation develops and provide relevant updates.